/lair

Lair is a reactive attack collaboration framework and web application built with Meteor.


##Contact##

If you need assistance with installation, usage, or are interested in contributing, please contact Dan Kottmann at any of the below.

Dan Kottmann

Tom Steele

##Installation##

Precompiled application packages are available for Linux and OS X. Download one of the current application packages below:

lair-v1.0.5-darwin-x64.7z

lair-v1.0.5-linux-x64.7z

lair-v1.0.5-linux-x86.7z

Next, download the latest drones Python package here.

Running Lair from the application package above is self-explanatory. To start Lair and all the required services:

    ./start.sh <ip>

To stop Lair:

    ./stop.sh

##Drones##

Lair takes a different approach to uploading, parsing, and ingesting automated tool output (XML): this work is pushed off onto client-side scripts called drones, which connect directly to the database. To use them, all you have to do is export the environment variable "MONGO_URL". This will probably be the same value you used for installation:

    export MONGO_URL='mongodb://username:password@ip:27017/lair?ssl=true'

With the environment variable set, you will need a project ID to import data. You can grab this from the upper right corner of the Lair dashboard, next to the project name. You can now run any of the drones:

    drone-nmap <pid> /path/to/nmap.xml

You can install the drones to PATH with pip:

    pip install lairdrone-<version>.tar.gz
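
Because drones connect straight to the database with the credentials carried in MONGO_URL, it is worth checking the URL before a run. The following is an added example, not part of Lair or the lairdrone package: `check_mongo_url` is a hypothetical helper, and its policy of accepting a non-SSL URL only for a loopback host is an assumption.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for MONGO_URL before running a drone.
# check_mongo_url is a hypothetical helper, not part of Lair or lairdrone.
# Returns 0 when the URL is acceptable, 1 when it should not be used;
# the reason is written to stdout.
check_mongo_url() {
    local url="$1" rest creds hostport host db query

    case "$url" in
        mongodb://*) rest="${url#mongodb://}" ;;
        *) echo "not a mongodb:// URL"; return 1 ;;
    esac

    # Split off the query string, then credentials, host and database.
    query=""
    case "$rest" in
        *\?*) query="${rest#*\?}"; rest="${rest%%\?*}" ;;
    esac
    case "$rest" in
        *@*) creds="${rest%@*}"; rest="${rest##*@}" ;;
        *) echo "no username:password in URL"; return 1 ;;
    esac
    case "$creds" in
        ?*:?*) ;;
        *) echo "credentials must be username:password"; return 1 ;;
    esac
    case "$rest" in
        */?*) hostport="${rest%%/*}"; db="${rest#*/}" ;;
        *) echo "no database name in URL"; return 1 ;;
    esac
    host="${hostport%%:*}"

    # Is ssl=true present as a whole query parameter?
    case "&$query&" in
        *"&ssl=true&"*) echo "ok: $host/$db over SSL"; return 0 ;;
    esac

    # Without SSL, credentials and imported data cross the wire in cleartext;
    # only tolerate that for a loopback database (assumed policy).
    case "$host" in
        localhost|127.0.0.1) echo "ok: $host/$db without SSL (loopback only)"; return 0 ;;
    esac
    echo "refusing: $host is remote and ssl=true is not set"
    return 1
}
```

A wrapper can call `check_mongo_url "$MONGO_URL" || exit 1` before invoking a drone such as `drone-nmap`.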

##Contributing##

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request

##Setting up a development environment (OSX)##

  1. Install mongodb 2.6.0 or later, preferably with SSL support (brew install mongodb --with-openssl)
  2. If using SSL, perform the following to set up certs:
     • openssl req -new -x509 -days 365 -nodes -out mongodb-cert.crt -keyout mongodb-cert.key
     • cat mongodb-cert.crt mongodb-cert.key > mongodb.pem
     • Start Mongo with SSL support via mongod.conf or command line (mongod --sslMode requireSSL --sslPEMKeyFile mongodb.pem)
  3. Add a Lair database user:
     • mongo lair --ssl
     • db.createUser({user: "lair", "pwd": "yourpassword", roles:["readWrite"]});
     • Confirm user authentication: db.auth("lair", "yourpassword");
  4. Set the appropriate Lair environment variable:
     • With SSL: export MONGO_URL='mongodb://lair:yourpassword@localhost:27017/lair?ssl=true'
     • No SSL: export MONGO_URL='mongodb://lair:yourpassword@localhost:27017/lair'
  5. Download and install node.js
  6. Install Meteor: curl https://install.meteor.com | /bin/sh
  7. Install Meteorite package manager: sudo npm install -g meteorite
  8. Fork the Lair project on GitHub and clone the repo locally
  9. Install dependencies: cd /path/to/lair/app && mrt (you can kill the mrt process after dependencies are downloaded)
  10. Start Lair: cd /path/to/lair/app && meteor
  11. Browse to http://localhost:3000
  12. Code your changes and submit pull requests!

There are occasional issues and conflicts with Meteor and the Fibers module. If you run into a situation where you cannot start Meteor due to Fibers conflicts, refer to the following for potential fixes: